{ inputs, ... }:
let
  username = "john";
  hostname = "janus";
  caURL = "https://janus.john-stream.com/";
in
{
  flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
    modules = with inputs.self.modules; [
      nixos.lxc
      nixos.sops
      nixos.step-ssh-host
      inputs.home-manager.nixosModules.home-manager
      nixos."${username}"
      nixos.zsh
      nixos.docker
      nixos.login-text
      nixos.mtls
      {
        networking.hostName = hostname;
        step-ssh-host = {
          hostname = hostname;
          caURL = caURL;
        };
        mtls = {
          enable = true;
          subject = hostname;
          caURL = caURL;
          san = [
            "${hostname}.john-stream.com"
            "192.168.1.244"
          ];
        };

        home-manager.users."${username}" = {
          imports = with inputs.self.modules.homeManager; [
            sops
            step-ssh-user
          ];
          
          shell.program = "zsh";
          docker.enable = true;
          step-ssh-user = {
            enable = true;
            principals = [ "${hostname}" ];
          };
          ssh.matchSets = {
            certs = true;
            homelab = true;
          };
        };
      }
    ];
  };
}